BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
CrowdStrike says it will lay off 500 workers
/in General NewsThe cybersecurity company said it will lay off 5% of its global workforce.
Security News | TechCrunch – Read More
New UK Framework Pressures Vendors on SBOMs, Patching and Default MFA
/in General NewsBy baking minimum expectations into procurement conversations, the plan is to steer software vendors to “secure-by-design and default” basics.
The post New UK Framework Pressures Vendors on SBOMs, Patching and Default MFA appeared first on SecurityWeek.
SecurityWeek – Read More
Poland arrests four in global DDoS-for-hire takedown
/in General NewsThe suspects allegedly operated six platforms that offered distributed denial-of-service attacks for as little as 10 euros.
The Record from Recorded Future News – Read More
Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks
/in General NewsEuropol has announced the takedown of distributed denial of service (DDoS)-for-hire services that were used to launch thousands of cyber-attacks across the world.
In connection with the operation, Polish authorities have arrested four individuals and the United States has seized nine domains that are associated with the now-defunct platforms.
“The suspects are believed to be behind six separate
The Hacker News – Read More
OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws
/in General NewsA second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82.
“This is due to the create_wp_connection() function missing a capability check and
The Hacker News – Read More
Infrastructure as Code: An IaC Guide to Cloud Security
/in General NewsIaC is powerful. It brings speed, scale, and structure to cloud infrastructure. But none of that matters if your security can’t keep up.
darkreading – Read More
US Sanctions Myanmar Militia Involved in Cyber Scams
/in General NewsThe US has sanctioned Myanmar warlord Saw Chit Thu and his militia for their roles in cyber scams causing billions in losses to American victims.
The post US Sanctions Myanmar Militia Involved in Cyber Scams appeared first on SecurityWeek.
SecurityWeek – Read More
Europol, Poland Bust Major DDoS-for-Hire Operation, Arrest 4
/in General NewsPolish authorities arrest 4 behind major DDoS-for-hire sites used in global attacks. Europol, US, Germany, and Dutch forces…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks
/in General NewsAustin, USA / Texas, 7th May 2025, CyberNewsWire
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited, Warns CISA
/in General NewsCISA warns of active exploitation of critical Langflow vulnerability (CVE-2025-3248). Critical RCE flaw allows full server takeover. Patch…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More